Don’t have the cash for a $2000 - 3000 penetration testing course? Don’t know which tools are outdated or relevant? Lost in the sea of Backtrack options? You learn better on your own anyway?

No problem!

BackTrack 4: Assuring Security by Penetration Testing (BASPT), authored by Shakeel Ali and Tedi Heriyanto, is a 12-chapter compendium on everyone’s favorite hacking distribution, Backtrack 4. Filling the need for a refresher to older titles on abandoned projects like Knoppix or Auditor (see somewhat outdated: Penetration Tester’s Open Source Toolkit, Vol. 2), BASPT gives syntax and usage tips on a plethora of different tools included in the suite and is broken down into the generic pentesting methodology with which most people today are familiar. Not only that, but also the book itself reads like some of those intro to penetration testing classes we have all been to costing many more times the cost of a single book.

Intrigued? Let’s take a closer look.

Enjoy this review and be sure to check out Jason Haddix's column by cicking on his name above,Don

To clarify, the comparison to Web Application Hacker's Handbook is primarily one of quality as something that intends to teach the reader something. The prose around the technical material is much better-written as well, which is the worst failing of this Backtrack book.

In my work, I interact with a lot of students that are beginning to take an interest in penetration testing, and I rarely if ever recommend books that are primarily references to commands. In the case of Backtrack, I'd rather show them how to pull up the individual tools' documentation for that kind of information.

What I do recommend to beginners are "subject area" books, which take a more in-depth look at a certain topic/technique/specialization. My default recommendation for this is Web Application Hacker's Handbook, since it's very easy for a beginner to get into breaking web apps. If they're coming in with the appropriate background and are interested in it, I may steer them towards Hacking: The Art of Exploitation 2nd Edition or Reversing: Secrets of Reverse Engineering instead.